JDK-8260551 : Release Note: Enable XML Signature Secure Validation Mode by Default
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: javax.xml.crypto
  • Affected Version: 8u411,11.0.23-oracle,17
  • Priority: P3
  • Status: Resolved
  • Resolution: Delivered
  • Submitted: 2021-01-27
  • Updated: 2024-02-21
  • Resolved: 2024-02-21
The Version table provides details about the release in which this issue/RFE will be addressed.

Unresolved: Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed: Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

| JDK 11 | JDK 17 | JDK 8 |
|---|---|---|
| 11.0.23-oracle: Resolved | 17: Resolved | 8u411: Resolved |
Description
The XML Signature secure validation mode is now enabled by default (previously it was enabled by default only when running with a security manager). When the mode is enabled, validation of XML signatures is subject to stricter checking of algorithms and other constraints, as specified by the `jdk.xml.dsig.secureValidationPolicy` security property.

If necessary, and at their own risk, applications can disable the mode by setting the `org.jcp.xml.dsig.secureValidation` property to `Boolean.FALSE` with the `DOMValidateContext.setProperty()` API.
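
The following is an added example, not code from the JDK or from this release note. It signs a constructed one-element document and validates it three ways: with the JDK default, with the mode set explicitly to `Boolean.TRUE`, and with the opt-out described above. The class name, the sample document and the 512-bit RSA key are assumptions chosen so that a policy entry of `minKeySize RSA 1024` would reject the signature.

```java
import java.io.StringReader;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SecureValidationDemo {  // hypothetical class name
    static final String SECURE = "org.jcp.xml.dsig.secureValidation";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Validates the first ds:Signature in doc. secure == null keeps the JDK default.
    static String validate(Document doc, PublicKey key, Boolean secure) {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(key, sig);
        if (secure != null) vc.setProperty(SECURE, secure);
        try {
            XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
            return f.unmarshalXMLSignature(vc).validate(vc) ? "valid" : "invalid";
        } catch (Exception e) { // MarshalException or XMLSignatureException from policy checks
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("policy: " + Security.getProperty("jdk.xml.dsig.secureValidationPolicy"));
        // Constructed input: a one-element document signed with a deliberately short RSA key.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new InputSource(new StringReader("<order id=\"42\"/>")));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(512);
        KeyPair kp = kpg.generateKeyPair();

        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("", f.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        f.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

        // Assumption: the policy printed above contains "minKeySize RSA 1024".
        System.out.println("JDK default : " + validate(doc, kp.getPublic(), null));
        System.out.println("explicit on : " + validate(doc, kp.getPublic(), Boolean.TRUE));
        System.out.println("opted out   : " + validate(doc, kp.getPublic(), Boolean.FALSE));
    }
}
```

If the "JDK default" and "explicit on" lines report the same result, the runtime already enables secure validation by default; a difference between them indicates a JDK that predates this change.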